Monday - Friday, 6-9 a.m.

Host Tom Temin brings you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews below.

Email this article to a friend

Top 10 cyber accomplishments since 2006

Tuesday - 10/23/2012, 1:22pm EDT

Federal News Radio polled current and former federal cybersecurity experts for
their opinion on what were the most significant accomplishments since 2006 to
secure federal networks and improve public-private partnerships, and what are the
biggest and most critical remaining challenges. The lists blend suggestions of
more than 10 authorities on federal cybersecurity. The accomplishments are in no
particular order.

Comprehensive National Cybersecurity Initiative

— The
White House developed the Comprehensive National Cybersecurity Initiative
(CNCI) in 2008 —
including the Trusted Internet Connections (TIC) Initiative and Einstein 3
intrusion detection and prevention program. It was the first governmentwide policy
to address the threats and challenges in cyberspace.

U.S. Cyber Command

DoD Information Sharing

— DoD created the
Defense Industrial Base pilot to
enhance the
security of the defense supply chain. It also put the Defense Cyber Crime Center
(DC3) on the map as the DIB front door helping to fuse DC3's forensics capability
with the National Counter Intelligence Center and the law enforcement community.

Cyber coordinator

— The creation of the position in the White House
and within both the National
Security Council and National Economic Council was a recognition of both the
importance of cybersecurity and the threat the nation faces. It also lifted
cybersecurity to become an issue the most senior managers recognized as important.

800-53 Integration

— DoD, the intelligence
community and
the National
Institute
of Standards and Technology worked together to interlock policies to
create the national risk management
framework. The special publication also showed how the government and private
sector could collaborate on security controls.

Continuous Monitoring

— The State Department
demonstrated
how it could
move
monitor its networks in
near-real time and increase their security. For instance, State performed
world-
wide patching of the Google security vulnerability within days. Agencies also are
submitting data feeds about the status of their networks to cyberscope.

Consensus Audit Guidelines

— Public and private
sector
experts agreed
upon the
20 steps that agencies and organizations can take
immediately to
close up holes in their networks and systems. The guidelines were drawn, in part,
from the Air Force's creation of a standardized desktop configuration. State also
showed the guidelines reduced its measured security risk by more than 94 percent
through the automation and measurement of the controls.

DHS Responsibility Grows

— The Office of
Management and
Budget gave the
transferred the operational authority of the Federal
Information
Management Act (FISMA) to DHS in July 2010. DHS now has a more active role in
FISMA oversight, will implement continuous monitoring and uses blue and red teams
to ensure agency networks are secured. Additionally, DHS established the National
Cybersecurity and Communications Integration Center (NCIC) in 2009 as a
coordinated watch and warning center to address threats to the nation's critical
infrastructure.

National Level Cybersecurity Exercise

— DHS held
the first
cyber storm
in
February 2006 and three more since to prepare federal, state, local and private
sector organizations for the possibility of a cyber attack or other cyber problem. It also
has helped senior
officials better grasp the implications of a cyber attack.